2009/5/11 Ricardo Oliveira rvel...@cs.ucla.edu:
Hi all,
First, thanks for using Cyclops, and thanks for all the Cyclops users that
drop me a message about this.
It seems some router in AS13214 decided to originate all the prefixes and
send them to AS48285 in the Caymans, all the ASPATHs are
On Tue, 28 Jul 2009, Russell Heilling wrote:
It looks like AS13214 are misbehaving again... We have just started
receiving cyclops alerts indicating that AS13214 is announcing our
prefixes again:
There is talk about this being a new Quagga bug redist:ing kernel routes
into BGP.
I'm
On Tue, Jul 28, 2009 at 11:50:02AM +0100,
Russell Heilling chew...@s8n.net wrote
a message of 75 lines which said:
No. monitors: 1
That's why it's good to use BGP alarm systems with a peer threshold. I
recommend BGPmon http://bgpmon.net/ (today, I run it with a peer
thershold
On 12/05/2009, at 4:47 AM, David Freedman wrote:
Yeah, interesting contact name on this:
person: Fredrik Neij
address:DCPNetworks
address:Box 161
address:SE-11479 Stockholm
address:Sweden
mnt-by: MNT-DCP
phone: +46 707 323819
nic-hdl:
On Tue, Jul 28, 2009 at 11:50:02AM +0100,
Russell Heilling chew...@s8n.net wrote
a message of 75 lines which said:
I guess ROBTEX didn't implement ingress filters after the last
episode...
It *seems* (I do not know them in detail) that Robtex
http://www.robtex.com/, AS 48285, is dedicated
Subject: Re: Anomalies with AS13214 ? Date: Wed, Jul 29, 2009 at 12:27:56AM
+1200 Quoting Nathan Ward (na...@daork.net):
On 12/05/2009, at 4:47 AM, David Freedman wrote:
Yeah, interesting contact name on this:
person: Fredrik Neij
address:DCPNetworks
address:Box 161
On Tue, Jul 28, 2009 at 11:50:02AM +0100,
Russell Heilling chew...@s8n.net wrote
a message of 75 lines which said:
I guess ROBTEX didn't implement ingress filters after the last
episode...
I simply asked them and they told me that DCP (AS 13214) is simply
their transit provider so they
Isn't this the second time that AS13214 seemed to have made a unintentional
misconfig?
On Mon, May 11, 2009 at 3:05 PM, Ricardo Oliveira rvel...@cs.ucla.eduwrote:
Hi all,
First, thanks for using Cyclops, and thanks for all the Cyclops users that
drop me a message about this.
It seems some
Russell Heilling wrote:
2009/5/11 Ricardo Oliveira rvel...@cs.ucla.edu:
Hi all,
First, thanks for using Cyclops, and thanks for all the Cyclops users that
drop me a message about this.
It seems some router in AS13214 decided to originate all the prefixes and
send them to AS48285 in the
Seeing the same thing here. Had alerts from Cyclops roll in for all 7
of our prefixes at: 2009-07-28 08:30:26, lasted 35 mins or so:
Alert ID: 4910940
Alert type: origin change
Monitored ASN,prefix: 174.137.112.0/20
Offending attribute:
On 11/5/09 16:30, Jay Hennigan wrote:
We're getting cyclops[1] alerts that AS13214 is advertising itself as
origin for all of our prefixes. Their anomaly report shows thousands
of prefixes originating there.
Anyone else seeing evidence of this or being affected?
[1]
Same here. Cyclops reporting an origin change but we are seeing no change
in traffic levels.
Still investigating at the moment...
2009/5/11 Jay Hennigan j...@west.net
We're getting cyclops[1] alerts that AS13214 is advertising itself as
origin for all of our prefixes. Their anomaly report
On Mon, 11 May 2009, Russell Heilling wrote:
Same here. Cyclops reporting an origin change but we are seeing no change
in traffic levels.
Still investigating at the moment...
Somewhere, something is confused. I'm seeing cyclops report some of my
prefixes with origins of 6364 (correct),
Seeing the same issues with AS13214 and no corresponding drop in
traffic, route views doesn't show any rogue adverts for out prefixes
either.
-James
On May 11, 2009, at 9:01 AM, Vincent Hoffman wrote:
On 11/5/09 16:30, Jay Hennigan wrote:
We're getting cyclops[1] alerts that AS13214 is
Randy doing testing again?
Jay Hennigan wrote:
We're getting cyclops[1] alerts that AS13214 is advertising itself as
origin for all of our prefixes. Their anomaly report shows thousands of
prefixes originating there.
Anyone else seeing evidence of this or being affected?
[1]
Robert D. Scott wrote:
It looks like Cyclops is seeing these from AS 48285, but I see no indication
they are being advertised to any production upstream provider. Our /16 is
being alerted in Cyclops, but I can not find any advert on any looking
glass.
That's what I'm seeing as well. It's
Yeah, interesting contact name on this:
person: Fredrik Neij
address:DCPNetworks
address:Box 161
address:SE-11479 Stockholm
address:Sweden
mnt-by: MNT-DCP
phone: +46 707 323819
nic-hdl:FN2233-RIPE
source: RIPE # Filtered
On Mon, May 11, 2009 at 2:29 PM, Andree Toonk andree+na...@toonk.nl wrote:
.-- My secret spy satellite informs me that at Mon, 11 May 2009, Jay Hennigan
wrote:
We're getting cyclops[1] alerts that AS13214 is advertising itself as
origin for all of our prefixes. Their anomaly report shows
Hello,
Jay Hennigan wrote:
We're getting cyclops[1] alerts that AS13214 is advertising itself as
origin for all of our prefixes. Their anomaly report shows thousands of
prefixes originating there.
Anyone else seeing evidence of this or being affected?
I have also seen this today for our
Hi all,
First, thanks for using Cyclops, and thanks for all the Cyclops users
that drop me a message about this.
It seems some router in AS13214 decided to originate all the prefixes
and send them to AS48285 in the Caymans, all the ASPATHs are 48285
13214.
The first announcement was on
On Mon, 11 May 2009, bmann...@vacation.karoshi.com wrote:
I certainly do. This time it is a config error, next time it will be
researcher X doing some testing for a NANOG paper, and the time after that
it will be some RBN test to see if anyone cares anymore to look deeply
into what they are
21 matches
Mail list logo